[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] DHS and UK ID card biometric vendor in false ID lawsuit
Großartig, einfach großartig....
By John Lettice (john -
- theregister -
Published Tuesday 11th May 2004 12:50 GMT
At San Jose Superior Court today (11 May) biometrics company Identix
will seek to have a product liability and slander lawsuit against it
and the States of California and Oregon dismissed. Plaintiffs Roger
Benson and Miguel Espinoza are seeking restitution for the damage
inflicted on them by duplication in police records which gave them
other people's criminal records.
Benson was wrongfully imprisoned for 43 days for carrying a firearm
when a convicted felon, although the felony on his record had been
committed by someone else, while Espinoza, had his restaurant business
destroyed by a false record of a criminally negligent homicide
conviction. The plaintiffs claim that their problems stemmed from
Identix's Livescan 10-print, a fingerprint scanner used to enter
fingerprint data into police systems. Two months ago Identix was
re-confirmed as the winner of a Department of Homeland Security
Blanket Purchase Agreement (BPA) for fingeprint systems, this being
worth and estimated $27 million over five years. Identix is also
supplying equipment for the UK Passport Service's ID card pilot, so
one might reasonably consider that the stakes in San Jose Superior
Court will be rather high.
? Ad Script: List=Ad Domains Match=falkag
The case hinges on the origin of duplicate record ID numbers, but it
is the fact that these actually existed that is of the broadest
significance. Benson, whose case has been going through the courts
longest, stepped into trouble when he was pulled in for a traffic
violation and fingerprinted. This process was carried out using a
Livescan system, which produced an Electronic Fingerprint Card (EFC).
Each EFC is assigned a fingerprint control number, FPN, which is
intended to be unique. Previous paper-based systems, which are still
widely used in the US, use EFCs preprinted with a unique FPN, but this
is not the case with EFCs produced with the Livescan system. Benson's
EFC was created on February 6th 1998, and on September 10th 1998 one
William Lee Kellog, charged with multiple felonies, was put through
the booking process. Kellogg's EFC had the same FPN as Benson's.
FPNs are widely used in criminal justice databases, and the duplicate
records entered the Oregon Judicial Information Network (OJIN), where
Kellogg's convictions were attached to Benson's record. A routine
inspection in California the next year uncovered a handgun in Benson's
truck, and as his Oregon record said he was a thrice convicted felon,
he was arrested for being in violation of the California Penal Code.
The plaintiffs' complaint alleges that the defendants have known since
1996 "that Livescan machines had the identified propensity of creating
defective EFCs," and that they therefore knew that this was corrupting
criminal justice databases and court records. It is not clear from the
evidence presented that the blame rests entirely with the Livescan
equipment, but it does seem clear that Oregon was aware that
duplication incidents were occurring (a list of 97 of these was
compiled), and it has certainly taken Benson some considerable time,
against considerable opposition, to clear his name.
He was, for example, unaware of the biometric technology's influence
on his case until 2002, and prior to this had come up with some
decidedly paranoid theories to explain why his life was being
destroyed because of a traffic violation. As indeed, you might.
For the rest of us, the real issue is how fallibility in software and
human input can produce extremely serious errors in systems which are
intended to provide virtually infallible identification. There is here
no dispute that Benson's and Kellogg's biometric records are entirely
different (Benson has only nine fingertips, for starters), but the
processes operated in such a way that Benson's record got the
convictions. These spread from Oregon to California, and Benson's
attorney claims that he is still recorded by the FBI as having been
arrested as a felon in possession of a firearm.
Organisations deploying such systems should of course be extremely
concerned that they are not subject to such errors. Aside from the
impact on the victims, the creation of false records will damage the
integrity of the database they're used in initially, and the sharing
of this data will result in the corruption spreading into other
systems. The further it gets, the harder it will be to undo the
damage. But the more sure the designers are that they've ruled out
problems like this, the harder it will be to have errors corrected. If
it's impossible, then the people complaining have got to be mad,
right? The issue of how you deal with the data is actually far more
important than getting the technology to produce a "unique" biometric.
Glitches in ID card kit frustrate Blunkett's pod people
-- Attached file included as plaintext by Listar --
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.4 (MingW32)
-----END PGP MESSAGE-----
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.